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Se parating access control policy, enforcement, and functionality in extensible systems 



Robert Grimm, Brian N. Bershad 

February 2001 ACM Transactions on Computer Systems (TOCS), volume i9 issue i 

Additional Information: full citation , abstract , references , citings, index 
terms , review 



Full text available: "g pdfd 64.03 KB) 



Extensible systems, such as Java or the SPIN extensible operating system, allow for units of 
code, or extensions, to be added to a running system in almost arbitrary fashion. 
Extensions closely interact through low-latency but type-safe interfaces to form a tightly 
integrated system. As extensions can come from arbitrary sources, not all of whom can be 
trusted to conform to an organization's security policy, such structuring raises the question 
of how security constraints are enforced in an ... 

Keywords: Java, SPIN, access check, auditing, extensible systems, policy-neutral 
enforcement, protection domain, protection domain transfer, security policy 



S ystem support for pervasive applications 

Robert Grimm, Janet Davis, Eric Lemar, Adam Macbeth, Steven Swanson, Thomas Anderson, 

Brian Bershad, Gaetano Borriello, Steven Gribble, David Wetherall 

November 2004 ACM Transactions on Computer Systems (TOCS), volume 22 issue 4 

Full text available:^ pdf( 1 .82 MB ) Additional Information: full citation , ab stract , references , i ndex terms 

Pervasive computing provides an attractive vision for the future of computing. 
Computational power will be available everywhere. Mobile and stationary devices will 
dynamically connect and coordinate to seamlessly help people in accomplishing their tasks. 
For this vision to become a reality, developers must build applications that constantly adapt 
to a highly dynamic computing environment. To make the developers* task feasible, we 
present a system architecture for pervasive computing, called & ... 

Keywords: Asynchronous events, checkpointing, discovery, logic/operation pattern, 
migration, one. world, pervasive computing, structured I/O, tuples, ubiquitous computing 



^ Distributed file systems: concepts and examples 
Eliezer Levy, Abraham Silberschatz 

December 1990 ACM Computing Surveys (CSUR), volume 22 issue 4 
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Full text available: ^ pdf(5.33 MB) Additional Information: full citation , abstract , references , citings , index 

terms , review 

The purpose of a distributed file system (DFS) is to allow users of physically distributed 
computers to share data and storage resources by using a common file system. A typical 
configuration for a DFS is a collection of workstations and mainframes connected by a local 
area network (L^N). A DFS is implemented as part of the operating system of each of the 
connected computers. This paper establishes a viewpoint that emphasizes the dispersed 
structure and decentralization of both data and con ... 

^ Applicatio ns: YouServ: a web-hostin g and content sharin g tool for the masses 
Roberto J. Bayardo Jr., Rakesh Agrawal, Daniel Gruhl, Amit Somani 

May 2002 Proceedings of the eleventh international conference on World Wide Web 

II* ^ ui 0t ^*/ooo >io Additional Information: full citation , abstract , references , citings, index 

Full text available: lMpdf{238.48 KB) ^ 

terms 

YouServ is a system that allows its users to pool existing desktop computing resources for 
high availability web hosting and file sharing. By exploiting standard web and internet 
protocols (e.g. HTTP and DNS), YouServ does not require those who access YouServ- 
published content to install special purpose software. Because it requires minimal server- 
side resources and administration, YouServ can be provided at a very low cost. We describe 
the design. Implementation, and a successful intrane ... 

Keywords: decentralized systems, p2p, peer-to-peer networks, web hosting 



5 Development of an object-oriented DBMS 
David Maier, Jacob Stein, Allen Otis, Alan Purdy 

June 1986 ACM SIGPLAN Notices , Conference proceedings on Object-oriented 

programming systems, languages and applications, volume 21 issue 11 

.- .. * ^ •• ui 0 ^t^4^nKMo\ Additional Information: full citation, abstract, referen ces, citings, index 

Full text available: 1p pdf(1.12 MB) 7 ; 

^ terms 

We describe the results of developing the GennStone object-oriented database server, which 
supports a model of objects similar to that of Smalltalk-80. We begin with a summary of 
the goals and requirements for the system: an extensible data model that captures 
behavioral semantics, no artificial bounds on the number or size of database objects, 
database amenities (concurrency, transactions, recovery, associative access, authorization) 
and an interactive development environment. Object-orient ... 

6 A comparison of two network-based file servers 
James G. Mitchell, Jeremy Dion 

April 1982 Communications of the ACM, volume 25 issue 4 

r- II* ^ 1 ui 0 ^*MCAiv^D\ Additional Information: full citation , abstract , references , citings , index 

Full text available: 1p pdf(1.50 MB) : 

^ terms 

This paper compares two working network-based file servers, the Xerox Distributed File 
System (XDFS) implemented at the Xerox Palo Alto Research Center, and the Cambridge 
File Server (CFS) implemented at the Cambridge University Computer Laboratory. Both 
servers support concurrent random access to files using atomic transactions, both are 
connected to local area networks, and both have been in service long enough to enable us 
to draw lessons from them for future file servers. We ... 

7 Minos: Control Data Attack Prevention Orthogonal to Memory Model 
Jedidiah R. Crandall, Frederic T. Chong 

December 2004 Proceedings of the 37th International Symposium on Microarchitecture 

Full text available: 'Pl pdf(255.53 KB) Additional Information: full citation , abstract 
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We introduce Minos, a microarclnitecture that implements Biba's low-water-mark integrity 
policy on individual words of data. Minos stops attacks that corrupt control data to hijack 
program control flow but is orthogonal to the memory model. Control data is any data 
which is loaded into the program counter on control flow transfer, or any data used to 
calculate such data. The key is that Minos tracks the integrity of all data, but protects 
control flow by checking this integrity when a program use ... 

A taxonomy of computer program security flaws 

Carl E. Landwehr, Alan R. Bull, John P. McDermott, William S. Choi 

September 1994 ACM Computing Surveys (CSUR), volume 26 issue 3 

r- .. . ^ -. u. 0k jr/o n.Dx Additional Information: full citation , abstract, references , citings, jndejx 
Full text available: TO pdf(3.61 MB) ^ : 

terms , review 

An organized record of actual flaws can be useful to computer system designers, 
programmers, analysts, administrators, and users. This survey provides a taxonomy for 
computer program security flaws, with an Appendix that documents 50 actual security 
flaws. These flaws have all been described previously in the open literature, but in widely 
separated places. For those new to the field of computer security, they provide a good 
introduction to the characteristics of security flaws and how they ... 

Keywords: error/defect classification, security flaw, taxonomy 



^ Inte g ratin g an ob j ect server with other worlds 
Alan Purdy, Bruce Schuchardt, David Maier 

January 1987 ACM Transactions on Information Systems (TOIS), volume 5 issue i 

.1* * -■ ui 0 ^f/H ^J.D\ Additional Information: full citation , abstract, re ferences , citings, index 
Full text available: pdf(1.61 MB) ; T 

1^^ terms , review 

Object-oriented database servers are beginning to appear on the commercial market in 
response to a demand by application developers for increased modeling power in database 
systems. Before these new servers can enhance the productivity of application designers, 
systems designers must provide simple interfaces to them from both procedural and object- 
oriented languages. This paper first describes a successful interface between an object 
server and two procedural languages (C and Pascal). Beca ... 

^0 A cry ptogra phic file system for UNIX 
Matt Blaze 

December 1993 Proceedings of the 1st ACM conference on Computer and 

communications security 

I- .1 * ^ •■ ui 0t ^^/ncc CO i^D\ Additional Information: full citation , abstract , references , citings , index 
Full text available: ^ pdf(955.62 KB) terms 

Although cryptographic techniques are playing an increasingly important role in nnodern 
computing system security, user-level tools for encrypting file data are cumbersome and 
suffer from a number of inherent vulnerabilities. The Cryptographic File System (CFS) 
pushes encryption services into the file system itself. CFS supports secure storage at the 
system level through a standard Unix file system interface to encrypted files. Users 
associate a cryptographic key with the directories ... 

WFS a sinnple shared file systenn for a distributed environment 
Daniel Swinehart, Gene McDaniel, David Boggs 

December 1979 Proceedings of the seventh ACM symposium on Operating systems 
principles 

f- II* ^ -I ui^ « A4f-FCL4 Additional Information: full citation , abstract , references , citings , index 
Full text available: IBS pdf(751.34 KB) ; 

^^'^ terms 
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WFS is a shared file server available to a large network community. WFS responds to a 
carefully limited repertoire of commands that client programs transmit over the network. 
The system does not utilize connections, but instead behaves like a remote disk and reacts 
to page-level requests. The design emphasizes reliance upon client programs to implement 
the traditional facilities (stream 10, a directory system, etc.) of a file system. The use of 
atomic commands and connectionless protocols n ... 

^ 2 An embedded domain-specific language for type-safe server-side web scri pting Q 
Peter Thiemann 

February 2005 ACM Transactions on Internet Technology (TOIT), volume 5 issue i 

Full text available: ^ pdf(336.60 KB) Additional Information: full citation , abstract , references , ind ex terms 

WASH/CGI is an embedded domain-specific language for server-side Web scripting. Due to 
its reliance on the strongly typed, purely functional programming language Haskell as a 
host language, it is highly flexible and— at the same time— it provides extensive 
guarantees due to its pervasive use of type information. WASH/CGI can be structured into a 
number of sublanguages addressing different aspects of the application. The document 
sublanguage provides tools for the generation of parameter! ... 

Keywords: Interactive Web services, Web programming 



File and storage systems: Decentralized user authentication in a global file system 
Michael Kaminsky, George Savvides, David l^azieres, M. Frans Kaashoek 
October 2003 Proceedings of the nineteenth ACM symposium on Operating systems 
principles 

Full text available: ^ pdf(1 44.43 KB) Additional information: full citation , abstract , references . Index terms 

The challenge for user authentication in a global file system is allowing people to grant 
access to specific users and groups in remote administrative domains, without assuming 
any kind of pre-existing administrative relationship. The traditional approach to user 
authentication across administrative domains is for users to prove their identities through a 
chain of certificates. Certificates allow for general forms of delegation, but they often 
require more infrastructure than is necessary to sup ... 

Keywords: ACL, SFS, authentication, authorization, credentials, file system, groups, users 




1 4 Market Net: market-based protection of information systems Q 
y. Yemini, A. Dailianas, D. Florlssi, G. Huberman 

October 1998 Proceedings of the first international conference on Information and 
computation economies 

Full text available: ^ pdf(1.14 MB ) Additional Information: full citation , references, citing s, index terms 



15 Security: Zero-interaction authentication 
Mark D. Corner, Brian D, Noble 

September 2002 Proceedings of the 8th annual international conference on Mobile 

computing and networking 

r- ., * ^ -I ui 0t «w*/o-7o on UD\ Additional Information: full citation , abstract , references , citings , index 

Full text available: Ta pdf(273.30 KB) ^ — ■ 

^ terms 

Laptops are vulnerable to theft, greatly increasing the likelihood of exposing sensitive files. 
Unfortunately, storing data in a cryptographic file system does not fully address this 
problem. Such systems ask the user to imbue them with long-term authority for decryption, 
but that authority can be used by anyone who physically possesses the machine. Forcing 
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the user to frequently reestablish his identity is intrusive, encouraging hinn to disable 
encryption. Our solution to this problem is Zero- ... 

Keywords: cryptographic file systems, mobiie computing, stacloble file systems, transient 
authentication 



Security on the move: indirect authentication usin g Kerberos 
Armando Fox, Steven D. Gribble 

November 1996 Proceedings of the 2nd annual international conference on Mobile 
computing and networking 

Full text available: ^ pdf(1.34 MB) Additional Information: full citation , references , citings , index terms 



^7 Privacy: Privacy and security in library RFID: issues, practices, and architectures 
David Molnar, David Wagner 

October 2004 Proceedings of the 11th ACM conference on Computer and 
communications security 

Full text available: ^ pdf(241.45 KB) Additional Information: full citation , abstract , references . Index terms 

We expose privacy issues related to Radio Frequency Identification (RFID) in libraries, 
describe current deployments, and suggest novel architectures for library RFID. Libraries 
are a fast growing application of RFID; the technology promises to relieve repetitive strain 
injury, speed patron self-checkout, and make possible comprehensive inventory. Unlike 
supply-chain RFID, library RFID requires item-level tagging, thereby raising immediate 
patron privacy issues. Current conventional wisdom su ... 



Keywords: RFID, privacy, private authentication, security 



''^ Sh aring and protection i n a sin gl e-address-space operatin g system 
Jeffrey S. Chase, Henry M, Levy, Michael J. Feeley, Edward D. Lazowska 
November 1994 ACM Transactions on Computer Systems (TOCS), volume 12 issue 4 

r- II* ^ -I ui 01 ^</oo7ft>iDx Additional Information: full citation , abstract , references , citin gs. Index 

Full text available: tsn pdf(2.87 MB) ^ 

y^--'' terms 

This article explores memory sharing and protection support in Opal, a single-address- 
space operating system designed for wide-address (64-bit) architectures. Opal threads 
execute within protection domains in a single shared virtual address space. Sharing is 
simplified, because addresses are context independent. There is no loss of protection, 
because addressability and access are independent; the right to access a segment is 
determined by the protection domain in which a thread executes. T ... 

Keywords: 64-bit architectures, capability-based systems, microkernel operating systems, 
object-oriented database systems, persistent storage, protection, single-address-space 
operating systems, wide-address architectures 



Distributed operatin g systems 

Andrew S. Tanenbaum, Robbert Van Renesse 

December 1985 ACM Computing Surveys (CSUR), volume 17 issue 4 

Full text available* S pdf(5 49 MB) Additional Information: full citation , abstract , references , citings , index 
. ^ : terms , review 

Distributed operating systems have many aspects In common with centralized ones, but 
they also differ in certain ways. This paper is intended as an introduction to distributed 
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operating systems, and especially to current university research about them. After a 
discussion of what constitutes a distributed operating system and how it is distinguished * 
from a computer network, various key design issues are discussed. Then several examples 
of current research projects are examined In some detail ... 

20 Improving the granularity of access control for Windows 2000 H 
l^ichael M. Swift, Anne Hopkins, Peter Brundrett, Cliff Van Dyke, Praerit Garg, Shannon Chan, 
Mario Goertzel, Gregory Jensenworth 

November 2002 ACM Transactions on Information and System Security (TISSEC), volume 



This article presents the mechanisms in Windows 2000 that enable fine-grained and 
centrally managed access control for both operating system components and applications. 
These features were added during the transition from Windows NT 4.0 to support the Active 
Directory, a new feature in Windows 2000, and to protect computers connected to the 
Internet. While the access control mechanisms in Windows NT are suitable for file systems 
and applications with simple requirements, they fall short of the ... 

Keywords: Access control lists, Microsoft Windows 2000, Windows NT, active directory 
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21 Securin g a global v illag e and its resources : b ase li ne secur i ty for inte r connected 
signaling system #7 telecommunications networks 
Hank M. Kluepfel 

December 1993 Proceedings of the 1st ACM conference on Computer and 
communications security 

Full text available: ^ pdf(1.19 MB) Additional Information: full citation , abstract , r eferences . Mexjterms 

The resulting national focus on Network Integrity issues, spawned the development of an 
industry commitment to affect and realize a minimum security baseline for interconnected 
SS7 networks. In addition the affected carriers in those outage have accelerated their 
pursuit of secure solutions to today's Intelligent networking. [2]This paper will focus on the 
development of the baseline and the current effort to take the baseline into national, e.g., 
National Ins ... 



22 Level II te c hnical sup port in a distributed c om puting environm ent 
Tim Leehane 

September 1996 Proceedings of the 24th annual ACI^ SIGUCCS conference on User 
services 

Full text available: ^ pdf(5 .73 MB) Additional Information: full citation , references. indexleinLS 



23 O b j ectGlobe: Ubiquitous query processin g on th e Intemet Q 
R. Braumandl, M. KeidI, A. Kemper, D. Kossmann, A. Kreutz, S. Seltzsam, K. Stocker 
August 2001 The VLDB Journal — The International Journal on Very Large Data Bases, 

Volume 10 Issue 1 

Full text available: ^ pdf( 25 1.44 KB) Additional Information: full citation , abstrac t, citin gs, index terms 

We present the design of ObjectGlobe, a distributed and open query processor for Internet 
data sources. Today, data is published on the Internet via Web servers which have, if at all, 
very localized query processing capabilities. The goal of the ObjectGlobe project is to 
establish an open marketplace in which data and query processing capabilities can be 
distributed and used by any kind of Internet application. Furthermore, ObjectGlobe 
integrates cycle providers (i.e., machi ... 

Keywords: Cycle-, function- and data provider, Distributed query processing. Open 
systems, Privacy, Quality of service. Query optimization. Security 
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24 Security as a new dimension in embedded system desi g n: Security as a new 
dimension in embedded system desi gn 

Srivaths Ravi, Paul Kocher, Ruby Lee, Gary McGraw, Anand Raghunathan 
June 2004 Proceedings of the 41st annual conference on Design automation - Volume 
00 

I- II * ^ ui Alt ^f/oAo lyox Additional Information: full citation , abstract , references , citings , index 

Full text available: TO pdf( 209.10 KB) 

^ terms 

The growing number of instances of breaches in information security in the last few years 
has created a compelling case for efforts towards secure electronic systems. Embedded 
systems, which will be ubiquitously used to capture, store, manipulate, and access data of a 
sensitive nature, pose several unique and interesting security challenges. Security has been 
the subject of intensive research in the areas of cryptography, computing, and networking. 
However, despite these efforts, security is 

Keywords: PDAs, architectures, battery life, cryptography, design, design methodologies, 
digital rights management, embedded systems, performance, security, security processing, 
security protocols, sensors, software attacks, tamper resistance, trusted computing, viruses 



25 Manageabilit y, ayailability, and performance in porcupine: a hi ghl y scalable, cluster- 
based mail service 

Yasushi Saito, Brian N. Bershad, Henry M. Levy 

August 2000 ACM Transactions on Computer Systems (TOCS), volume is issue 3 

Full text available: ^ pdf(2.52 MB) Additional Information: full citation , abstract , references , index terms 

This paper describes the motivation, design and performance of Porcupine, a scalable mail 
server. The goal of Porcupine is to provide a highly available and scalable electronic mail 
service using a large cluster of commodity PCs. We designed Porcupine to be easy to 
manage by emphasizing dynamic load balancing, automatic configuration, and graceful 
degradation in the presence of failures. Key to the system's manageability, availability, and 
performance is that sessions, data, and underlying ... 

Keywords: cluster, distributed systems, email, group membership protocol, load 
balancing, replication 
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Liba Svobodova 

December 1984 ACi^ Computing Surveys (CSUR), volume 16 issue 4 

Full text available: fi^ pdf(4.23 MS) Additional Information: full citation , references , citings , index terms , review 
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Gerald J. Popek, Charles S. Kline 

December 1979 ACM Computing Surveys (CSUR), volume ii issue 4 
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AtuI Adya, William J. Bolosky, Miguel Castro, Gerald Cermak, Ronnie Chaiken, John R. 
Douceur, Jon Howell, Jacob R. Lorch, Marvin Theimer, Roger P. Wattenhofer 
December 2002 ACM SIGOPS Operating Systems Review, volume 36 issue si 

Full text available: ^pdf (1.87 MB) Additional Information: full citation , abstract , references 

Farsite is a secure, scalable file system that logically functions as a centralized file server 
but is physically distributed among a set of untrusted compliters. Farsite provides file 
availability and reliability through randomized replicated storage; it ensures the secrecy of 
file contents with cryptographic techniques; it maintains the integrity of file and directory 
data with a Byzantine-fault-tolerant protocol; it is designed to be scalable by using a 
distributed hint mechanism and delegatio ... 

Extensible security architectures for Java 

Dan S. Wallach, Dirk Balfanz, Drew Dean, Edward W. Felten 

October 1997 ACM SIGOPS Operating Systems Review , Proceedings of the sixteenth 

ACM symposium on Operating systems principles, volume 3i issue 5 
Full text available: ^ pdf(2.15 MB) Additional Infomnation: full citation , references , citings . Index terms 



30 LiSP: A li g htwei gh t security protocol for wireless sensor networks 
Taejoon Park, Kang G. Shin 

August 2004 ACM Transactions on Embedded Computing Systems (TECS), volume 3 issue 3 
Full text available: ^ pdf(487.54 KB) Additional Information: full citation , abstract , references. Index terms 

Small low-cost sensor devices with limited resources are being used widely to build a self- 
organizing wireless network for various applications, such as situation monitoring and asset 
surveillance. Making such a sensor network secure Is crucial to their intended applications, 
yet challenging due to the severe resource constraints in each sensor device. We present a 
lightweight security protocol (LiSP) that makes a tradeoff between security and resource 
consumption via efficient rekeying. ... 

Keywords: Authentication, key management, lightweight security, sensor networks 



31 The proactive security toolkit and a pplications 
Boaz Barak, Amir Herzberg, Dalit Naor, Eldad Shai 

November 1999 Proceedings of the 6th ACM conference on Computer and 

communications security 

r- 11 * ^ -I ui 0t ^*/ooo TA Additional Information: full citation , abstract , references , citings , index 

Full text available: TO pdff823.74 KB) ' ^ 

^ terms 

Existing security mechanisms focus on prevention of penetrations, detection of a 
penetration and (manual) recovery tools Indeed attackers focus their penetration efforts on 
breaking into critical modules, and on avoiding detection of the attack. As a result, security 
tools and procedures may cause the attackers to lose control over a specific module 
(computer, account), since the attacker would rather lose control than risk detection of the 
attack. While controlling the module, attacker may ... 

32 Formal Models for Connputer Security 
Carl E. Landwehr 

September 1981 ACM Computing Surveys (CSUR), volume 13 issue 3 

Full text available: ^ pdf(2.98 MB) Additional Information: full citation , references , citings , index terms 
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Software security and privacy risks in mobile e-commerce 
Anup K. Ghosh, Tara M. Swaminatha 

February 2001 Communications of the ACM, volume 44 issue 2 

Full text available: ^„pdf(90.58 KBi[g| Additional Information: full citation , references, citings, index terms 
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Stateful distributed interposition 
John Reumann, Kang G. Shin 

February 2004 ACM Transactions on Computer Systems (TOCS), volume 22 issue 1 

Full text available: ^ pdf(833.84 KB) Additional Information: full citation , abstr act, references , index terms 

Interposition-based system enhancements for multitiered servers are difficult to build 
because important system context is typically lost at application and machine boundaries. 
For example, resource quotas and user identities do not propagate easily between 
cooperating services that execute on different hosts or that communicate with each other 
via intermediary services. Application-transparent system enhancement is difficult to 
achieve when such context information is obscured by complex servic ... 

Keywords: Distributed computing, component services, distributed context, multitiered 
services, operating systems, server consolidation 



35 Data base directions: the next steps I 
John L. Berg 

November 1976 , volume s , s issue 4,2 

Full text available: g pdf(9.95 MB) Additional Information: full citation , abstract 

What information about data base technology does a manager need to make prudent 
decisions about using this new technology? To provide this information the JMational Bureau 
of Standards and the Association for Computing Machinery established a workshop of 
approximately 80 experts in five major subject areas. The five subject areas were auditing, 
evolving technology, government regulations, standards, and user experience. Each area 
prepared a report contained in these proceedings. The proceedings p ... 

Keywords: DBMS, auditing, cost/benefit analysis, data base, data base management, 
government regulation, management objectives, privacy, security, standards, technology 
assessment, user experience 

36 Security on FPGAs: State-of-the-art implementations and attacks | 
Thomas Wollinger, Jorge Guajardo, Christof Paar 

August 2004 ACM Transactions on Embedded Computing Systems (TECS), volume 3 issue 3 
Full text available: ^ pdf(296.79 KB) Additional Information: full citation , abstract , references , index terms 

In the last decade, it has become apparent that embedded systems are integral parts of our 
every day lives. The wireless nature of many embedded applications as well as their 
omnipresence has made the need for security and privacy preserving mechanisms 
particularly important. Thus, as field programmable gate arrays (FPGAs) become integral 
parts of embedded systems, it is imperative to consider their security as a whole. This 
contribution provides a state-of-the-art description of security issues ... 

Keywords: Cryptography, FPGA, attacks, cryptographic applications, reconfigurable 
hardware, reverse engineering, security 
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37 Protection and the control of information sharing in multics 
Jerome H. Saltzer 

July 1974 Communications of the ACM, volume 17 issue 7 

Additional Information: full citation , abstract , references , citings , index 



Full text available: ' ^- 

terms 

The design of mechanisms to control the sharing of information in the Multics system is 
described. Five design principles help provide insight into the tradeoffs among different 
possible designs. The l<ey mechanisms described include access control lists, hierarchical 
control of access specifications, identification and authentication of users, and primary 
memory protection. The paper ends with a discussion of several known weaknesses in the 
current protection mechanism design. 

Keywords: Multics, access control, authentication, computer utilities, descriptors, privacy, 
proprietary programs, protected subsystems, protection, security, time-sharing systems, 
virtual memory 
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hoc wireless network 

Thomas S. Messerges, Johnas Cukier, Tom A. M. Kevenaar, Larry Puhl, Rene Struik, Ed 
Callaway 

October 2003 Proceedings of the 1st ACM workshop on Security of ad hoc and sensor 
networks 

Full text available: ^ pdf(353.25 KB) Additional Information: full citation , abstract , references , index terms 

We present a security design for a general purpose, self-organizing, multlhop ad hoc 
wireless network, based on the IEEE 802.15.4 low-rate wireless personal area network 
standard. The design employs elliptic-curve cryptography and the AES block cipher to 
supply message Integrity and encryption services, key-establishment protocols, and a large 
set of extended security services, while at the same time meeting the low implementation 
cost, low power, and high flexibility requirements of ad hoc wire ... 

Keywords: 802.15.4, ad hoc networks, security, wireless 



An end-to-end approach to glo bally scalable network stora g e 
MIcah Beck, Terry Moore, James S. Plank 

August 2002 ACM SIGCOMM Computer Communication Review , Proceedings of the 

2002 conference on Applications, technologies, architectures, and 

protocols for computer communications, volume 32 issue 4 
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Full text available:^ pdf(286.82 KB) terms 

This paper discusses the application of end-to-end design principles, which are 
characteristic of the architecture of the Internet, to network storage. Wliile putting storage 
Into the network fabric may seenn to contradict end-to-end arguments, we try to show not 
only that there Is no contradiction, but also that adherence to such an approach is the key 
to achieving true scalability of shared network storage. After discussing end-to-end 
arguments with respect to several properties of network stora ... 

Keywords: IBP, asynchronous communications, end-to-end design, exNode, Internet 
backplane protocol, logistical networking, network storage, scalability, store and forward 
network, wide area storage 
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Queue Focus: Buildin g Systems to Be Shared, Securel y 
Poul-Henning Kamp, Robert Watson 

July 2004 Queue, volume 2 issue 5 

Full text available: ^ pdf(575.43 

KB) g| html Additional Information: full citation , index terms 
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62 Limitations of the Kerberos authentication system 
S. M. Bellovin, M. Merritt 

October 1990 ACM SIGCOMM Computer Communication Review, volume 20 issue 5 
Full text available: ^ pdf(1.12 MB) Additional Information: full citation , abstract, citings , index terms 

The Kerberos authentication system, a part of MIT's Project Athena, has been adopted by 
other organizations. Despite Kerberos's many strengths, it has a number of limitations and 
some weaknesses. Some are due to specifics of the MIT environment; others represent 
deficiencies In the protocol design. We discuss a number of such problems, and present 
solutions to some of them. We also demonstrate how special-purpose cryptographic 
hardware may be needed in some cases. 

63 Technolo g y to enable learnin g : Creating remotely accessible "virtual networks" on a 
single PC to teach computer networking and operating systems 

Mark stockman 

October 2003 Proceeding of the 4th conference on Information technology curriculum 

c M * ^ I 0t ^«onn ce i^d\ Additional Information: full citation , abstract , references , citings , index 

Full text available: pdf(209.56 KB) : 

^^^^^^ terms, review 

Instruction In the area of computer networking (specifically systems administration) can be 
cumbersome and ineffective; and is almost always is an expensive prospect when it comes 
to instructional and lab facilities. Problems arise both in the classroom and the lab when 
trying to recreate a true computing environment. Two solutions spelled out In this paper, 
virtual machines and remoting technology, have been implemented to help solve these 
problems encountered in the delivery of instruction. 

Keywords: networking lab, remote administration, remoting technology, systems 
administration instruction, virtual machines, virtual network 
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64 Integrating security in a large distributed system 
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Full text available: Iga pdf(2.90 MB) ~ : 

terms , review 

Andrew is a distributed connputing environment that is a synthesis of the personal 
computing and timesharing paradigms. When mature, it is expected to encompass over 
5,000 workstations spanning the Carnegie Mellon University campus. This paper examines 
the security issues that arise in such an environment and describes the mechanisms that 
have been developed to address them. These mechanisms include the logical and physical 
separation of servers and clients, support for secure communication .... 

65 Frameworks for component-based client/server computin g 
Scott M. Lewandowski 

March 1998 ACM Computing Surveys (CSUR), volume 30 issue i 

Full text available: g pdf(243.81 KB ) Additional Information: full citation , references , citings, index terms 



66 O— IMAP in 90 days or how to mi g rate 25.000 users to IMAP in three months 
Jay Graham 

October 2000 Proceedings of the 28th annual ACM SIGUCCS conference on User 
services: Building the future 

Full text available: ^ pdf(123.22 KB) Additional Infonmation: full citation, index terms 
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67 MULTISAFE— a modular multiprocessin g approach to secure database management U 
Robert P. Trueblood, H. Rex Hartson, Johannes J. Martin 

September 1983 ACM Transactions on Database Systems (TODS), volume 8 issue 3 

Full text available: ^ pdf(2.00 MB ) Additional Information: full citation , abstract , references , index terms 

This paper describes the configuration and intermodule communication of a MULTImodule 
system for supporting Secure Authorization with Full Enforcement (MULTISAFE) for 
database management. A modular architecture is described which provides secure, 
controlled access to shared data In a multiuser environment, with low performance 
penalties, even for complex protection policies. The primary mechanisms are structured and 
verifiable. The entire approach is immediately extendible to distributed pr ... 

Keywords: abstract data types, access control, back-end database, intermodule 
communication, secure database 
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Current approaches to access control on the Web servers do not scale to enterprise-wide 
systems because they are mostly based on individual user identities. Hence we were 



http://portaLacm.org/results.cfin?query=%2Bpennission%20%2Bpassword%20%2Bstorage.,. 5/12/05 



Results (page 4): +pennission ^password H-storage +memory +authentication rewrite rest... Page 3 of 6 



motivated by the need to manage and enforce the strong and efficient RBAC access control 
technology In large-scale Web environments. To satisfy this requirement, we identify two 
different architectures for RBAC on the Web, called user-pull and server-pull. To 
demonstrate feasibility, we im ... 

Keywords: WWW security, cookies, digital certificates, role-based access control 

69 Computers and Privacy: A Survey Q 
Lance J. Hoffman 

June 1969 ACM Computing Surveys (CSUR), volume i issue 2 
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70 Data Security 

Dorothy E. Denning, Peter J. Denning 

September 1979 ACM Computing Surveys (CSUR), volume ii issue 3 
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Gr a pevine: an exe rci se in dist ributed comput i n g 

Andrew D. Birrell, Roy Levin, Michael D. Schroeder, Roger M. Needham 

April 1982 Communications of the ACM, Volume 25 issue 4 
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Grapevine is a multicomputer system on the Xerox research internet. It provides facilities 
for the delivery of digital messages such as computer mail; for naming people, machines, 
and services; for authenticating people and machines; and for locating services on the 
internet. This paper has two goals: to describe the system itself and to serve as a case 
study of a real application of distributed computing. Part I describes the set of services 
provided by Grapevine and how its data and funct ... 

H ig h d i c ti onar y com pre s sion for pro active p assword checkin g 
Francesco Bergadano, Bruno Crispo, Giancarlo Ruffo 

November 1998 ACM Transactions on Information and System Security (TISSEC), volume 
1 Issue 1 

Full text available* 1S pdf(141 89 KB) Additional Information: full citation , abstract , references , citings , index 
'^^^"^ '' terms, re view 

The important problem of user password selection is addressed and a new proactive 
password-checking technique is presented. In a training phase, a decision tree is generated 
based on a given dictionary of weak passwords. Then, the decision tree is used to 
determine whether a user password should be accepted. Experimental results described 
here show that the method leads to a very high dictionary compression (up to 1000 to 1) 
with low error rates (of the order of 1%). A prototype implementat ... 

Keywords: access control, decision trees, password selection, proactive password checking 
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Full text available: Wi p6U242A7 KB) ^ 

As sensor networks edge closer towards wide-spread deployment, security issues become a 
central concern. So far, much research has focused on making sensor networks feasible and 
useful, and has not concentrated on security. 

We present a suite of security building blocks optimized for resource-constrained 
environments and wireless communication. SPINS has two secure building blocks: SNEP 
and &mgr;TESLA SNEP provides the following important baseline security primitives: Data 
confidentia ... 

A ubiquitous stable stor ag e for nnobile com p uting devices 
Legand L. Burge, Suleiman Baajun, Moses Garuba 

March 2001 Proceedings of the 2001 ACM symposium on Applied computing 

Full text available: ^ pdf(80.15 KB) Additional Information: full citation , references . Index terms 



Keywords: Jini, mobile computing, post-pc, security, wireless 



75 Session 7: password s r evisited: A note on proactive password check ing 
Jianxin Jeff Yan 

September 2001 Proceedings of the 2001 worl<shop on New security paradigms 

Full text available: pdf(505.52 KB) Additional Information: full citation , abstract, references , index terms 

Nowadays, proactive password checking algorithms are based on the philosophy of the 
dictionary attack, and they often fail to prevent some weak passwords with low entropy. In 
this paper, a new approach is proposed to deal with this new class of weak passwords by 
(roughly) measuring entropy. A simple example is given to exploit effective patterns to 
prevent low-entropy passwords as the first step of entropy-based proactive password 
checking. 

Keywords: dictionary attack, entropy, proactive password checking 
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Full text available: ^ pdf(61 3.63 KB) r. * * 
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On secure and pseudonymous client-relationships with multiple servers 
Eran Gabber, Phillip B. Gibbons, David M. Kristol, Yossi Matias, Alain Mayer 
November 1999 ACM Transactions on Information and System Security (TISSEC), volume 
2 Issue 4 

Full text available- fi3pdf(161 56 KB) Additional Information: full citation , abstract , references , citings , index 
. terms , review 

This paper Introduces a cryptographic engine, Janus, which assists clients in establishing 
and maintaining secure and pseudonymous relationships with multiple servers. The setting 
is such that clients reside on a particular subnet (e.g., corporate Intranet, ISP) and the 
servers reside anywhere on the Internet. The Janus engine allows each client-server 
relationship to use either weak or strong authentication on each interaction. At the same 
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time, each interaction preserves privacy by neithe ... 

Keywords: Janus function, anonymity, mailbox, persistent relationship, privacy, 
pseudonym 



Reflection as a mechanism for software inte g rity verification 
Dlomldis Spinellis 

February 2000 ACM Transactions on Information and System Security (TZSSEC), volume 3 
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Full text available: fS pdf (85.99 KB) - — ; 

review 

The integrity verification of a device's controlling software Is an innportant aspect of nnany 
emerging infornnation appliances. We propose the use of reflection, whereby the software is 
able to examine its own operation, in conjunction with cryptographic hashes as a basis for 
developing a suitable software verification protocol. For more demanding applications meta- 
reflective techniques can be used to thwart attacks based on device emulation strategies. 
We demonstrate how our approach can be ... 

Keywords: cryptographic hash function, embedded device, message digest 
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Full text available: 1|a pdf(1 .45 MB) — ^ 
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We describe a design and innplementation of security for a distributed systenn. In our 
system, applications access security services through a narrow interface. This interface 
provides a notion of identity that includes simple principals, groups, roles, and delegations. 
A new operating system component manages principals, credentials, and secure channels. 
It checks credentials according to the formal rules of a logic of authentication. Our 
implementation is efficient enough to support a substantia ... 

80 Emergent web patterns: Autonnatically sharing web experiences through a 
hy perdocument recomnnender systenn 

Alessandra Alaniz Macedo, Khai N. Truong, Jose Antonio Camacho-Guerrero, Maria da Gra^a 
Pimentel 

August 2003 Proceedings of the fourteenth ACM conference on Hypertext and 
hypermedia 

Full text available:1 5|Ddf(620.88 KB) Additional Information: Ml dtaflon, abstLact. references , dflogs. index 
'^^^ terms 

As an approach that applies not only to support user navigation on the Web, recommender 
systems have been built to assist and augment the natural social process of asking for 
recommendations from other people. In a typical recommender system, people provide 
suggestions as inputs, which the system aggregates and directs to appropriate recipients. 
In some cases, the primary computation is in the aggregation; in others, the value of the 
system lies in its ability to make good matches between the re ... 

Keywords: information retrieval, open hypermedia, recommender systems, semantic 
structures, web 
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41 Sec urit y issues for wi rel ess ATM networks 
Danai Patiyoot 

January 2002 ACM SIGOPS Operating Systems Review, volume 36 issue i 

Full text available: ^ pdf(1.75 M B ) Additional Information: full citation, abstract , refere nces. In dex terms 

To be able to fulfil the need of user in wireless ATM, the systenn has to acquire features. 
One of the systenn features for the wireless ATM is functionality especially the security 
aspect. There is so far tittle, if not none, security consideration in the developing of wireless 
ATM standard. Therefore a wide range of features in security functions is in consideration. 
This paper tried to define the features of security in wireless ATM networks considering It 
features from existing fixed ATM netwo ... 



Keywords: security, wireless ATM 



^2 Network security probe 

p. Rolin, L Toutain, S. Gonnbault 

November 1994 Proceedings of the 2nd ACM Conference on Computer and 
communications security 

Full text available: ^ pdf(1.04 MB) Additional Information: full citation, abstract , references . Index terms 

Many current approach to access control assunne all external access are dangerous. As a 
consequence they stop all communication and check for authorisation. We present an 
optimistic approach to provide security services in a network environment that do not 
interject the security services into the operational sequence, rather, the security services 
are established as a parallel set of services/steps. This optimistic approach let go the 
communication and checks in parallel for authorization, i ... 

Keywords: Network Security Probe, access control, audit, intrusion, security 
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terms 

This paper describes the nnotivation, design, and performance of Porcupine, a scalable nnail 
server. The goal of Porcupine Is to provide a highly available and scalable electronic mail 
service using a large cluster of commodity PCs. We designed Porcupine to be easy to 
manage by emphasizing dynamic load balancing, automatic configuration, and graceful 
degradation in the presence of failures. Key to the system's manageability, availability, and 
performance is that sessions, data, and underlying serv ... 

Andrew: a distributed personal connputinq environnnent 

James H. Morris, Mahadev Sat^anarayanan, Michael H. Conner, John H. Howard, David S. 
Rosenthal, F. Donelson Smith 

March 1986 Communications of the ACM, volume 29 issue 3 

r- II* ^ -■ u> 0 ^ir/o -le ftjiDx Additional Information: full citation , abstract , references , citings , index 

Full text available: TO pdf(2.16 MB) ^ 
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The Information Technology Center (ITC), a collaborative effort between IBM and Carnegie- 
Mellon University, is in the process of creating Andrew, a prototype computing and 
communication system for universities. This article traces the origins of Andrew, discusses 
its goals and strategies, and gives an overview of the current status of its implementation 
and usage. 

45 Web technolo g ies and applications (WTA): Cookies on-the-move: managin g cookies 
on a smart card 
Alvin T. S. Chan 

March 2004 Proceedings of the 2004 ACM symposium on Applied computing 

Full text available: pdf(335.19 KB) Additional Information: full citation , abstract , references 

Despite the widespread use and adoption of cool<ies as the basis for web applications to 
keep state information, cookies present sonne design issues that are yet to be fully 
addressed. The fact that cookies are stored on client-side's memory means that they are 
tightly coupled to the machine that is interacting with the web server. Yet often, these 
cookies are initiated by web applications to identify user's preferences and identifications. 
As the user moves across different machines to access the ... 

Keywords: Web, cookies, mobile, smart card 
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Full text available: TO pdf(233.31 KB) ^ 
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Recent advances in wireless data networking and portable information appliances have 
engendered a new paradigm of computing, called mobile computing, in which users carrying 
portable devices have access to data and information services regardless of their physical 
location or movement behavior. In the meantime, research addressing information access 
in mobile environments has proliferated. In this survey, we provide a concrete framework 
and categorization of the various way ... ^ 

Keywords: application adaptation, cache invalidation, caching, client/server, data 
dissemination, disconnected operation, mobile applications, mobile client/server, mobile 
compuing, mobile data, mobility awareness, survey, system application 



http://portal.acm.org/resultsxfo?query=%2Bpennission%20%2Bpassword%20%2Bstor^^^ 5/12/05 



Results (page 3): -^permission H-password H-storage +memory ^authentication rewrite rest... Page 3 of 6 



47 Two years of experience with a &mqr>Kernel based OS Q 
Jochen Liedtke, Ulrich Bartling, Uwe Beyer, Dietmar Heinrichs, Rudolf Ruland, Gyula Szalay 

April 1991 ACM SIGOPS Operating Systems Review, volume 25 issue 2 

Full text available: ^ pdf(829.22 KB) Additional Information: full citation , abstract , citing s, index terms 

This paper describes the basic components of the L3 operating system and the experiences 
of the first two years using it. The system results from scientific research, but is addressed 
to commercial application. It is based on a small kernel handling tasks, threads and 
dataspaces. User level device drivers and file systems are described as examples of flexible 
OS services realized outside the kernel. 

48 Computation and communication in R*: a distributed database manager Q 
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The Ringling School of Art and Design is a fully accredited four year college of visual art and 
design with a student population of approximately 1000. The Ringling School has achieved 
national recognition for its large-scale integration of technology into collegiate visual art and 
design education and maintains a student to computer ratio of better than two to one. Due 
to the demand for computing power and the requirement for ease of use, we moved our 
instructional computer laboratories to the ... 
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As one of the most successful applications of image analysis and understanding, face 
recognition has recently received significant attention, especially during the past several 
years. At least two reasons account for this trend: the first is the wide range of commercial 
and law enforcement applications, and the second is the availability of feasible technologies 
after 30 years of research. Even though current machine recognition systems have reached 
a certain level of maturity, their success is ... 
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Application development for high-performance distributed computing systems, or 
computational grids as they are sometimes called, requires ' 'grid-enabled" tools that hide 
mundane aspects of the heterogeneous grid environment without compromising 
performance. As part of an Investigation of these issues, we have developed MPICH-G, a 
grid-enabled implementation of the Message Passing Interface (MPI) that allows a user to 
run MPI programs across multiple computers at different sites using the same co ... 
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We present MobiDesk, a mobile virtual desktop conriputing hosting infrastructure that 
leverages continued innprovenrjents in network speed, cost, and ubiquity to address the 
connplexity, cost, and mobility limitations of today's personal computing infrastructure. 
MobiDesk transparently virtualizes a user's computing session by abstracting underlying 
system resources In three key areas: display, operating system, and network. It provides a 
thin virtualization layer that decouples a user's computing ses ... 
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Due to the positive response of our fall 2002 OS X deployment and our desire to provide 
the campus community with the latest and greatest tools, we upgraded our instructional 
computer laboratories to Jaguar, Macintosh OS X version 10.2 in the fall of 2003. 

This paper will outline the procedures we implemented our second time around. We shall 
discuss the items we did differently such as LDAP authentication, font management, 
application support, user training, login and logout hooks, pri ... 
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In an open distributed system, resources nnust be shared annong various users. Security is 
one of the major issues in designing such a system. When a computer system is connected 
to a network, it is very important to ensure that the computer has the ability to manage its 
local resources securely. In this position paper, we will demonstrate that current computer 
architectures do give malicious users ways to penetrate computer systems and hence 
access the system or other user's secrets which are sup ... 
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Broadcast authentication is a fundamental security service in distributed sensor networks. 
This paper presents the development of a scalable broadcast authentication scheme named 
<i> multilevel pTESLA</i> based on pTESLA, a broadcast authentication protocol whose 
scalability is limited by its unicast-based initial parameter distribution. Multilevel pTESLA 
satisfies several nice properties, including low overhead, tolerance of message loss, 
scalability to large networks, and re ... 
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In this paper, we will present an architecture for developing a systenn reliant upon trusted 
Ada software, and some of the lessons learned in our having done such a developnnent. 
Some background on trusted software and the trusted information systems within which 
such Ada software operates is provided, as well as some theoretical and practical aspects of 
the use of Ada in developing these systems. The notion of a trusted computing base (TCB) 
is presented and defined. A generalized trusted sof ... 
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